Free ISACA CISM Exam Braindumps (page: 78)

A risk management approach to information protection is:

  A. managing risks to an acceptable level, commensurate with goals and objectives.
  B. accepting the security posture provided by commercial security products.
  C. implementing a training program to educate individuals on information protection and risks.
  D. managing risk tools to ensure that they assess all information protection vulnerabilities.

Answer(s): A

Explanation:

Risk management means identifying the risks within an organization, establishing an acceptable level of risk, and managing risks to that level, which may include mitigation, transfer, or acceptance. Accepting the security posture provided by commercial security products is an approach limited to technology components and may not address all business operations of the organization. Education is only one part of the overall risk management process. Tools are likewise limited to technology and would not address non-technology risks.



Which of the following is the MOST effective way to treat a risk such as a natural disaster that has a low probability and a high impact level?

  A. Implement countermeasures.
  B. Eliminate the risk.
  C. Transfer the risk.
  D. Accept the risk.

Answer(s): C

Explanation:

Risks with a low probability but a high impact are typically transferred, usually to insurance companies. Examples include hurricanes, tornadoes and earthquakes. Implementing countermeasures against such events may not be the most cost-effective approach. Eliminating the risk is generally not possible for natural disasters. Accepting the risk would leave the organization exposed to a catastrophic event that could cripple or ruin it. It is more cost-effective to pay recurring insurance premiums than to suffer a disaster from which the organization cannot financially recover.



To ensure that payroll systems continue to operate in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in business continuity planning?

  A. Conducting a qualitative and quantitative risk analysis.
  B. Assigning value to the assets.
  C. Weighing the cost of implementing the plan vs. financial loss.
  D. Conducting a business impact analysis (BIA).

Answer(s): D

Explanation:

The BIA is an essential component of an organization's business continuity plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk. It is the first crucial step in business continuity planning. Qualitative and quantitative risk analysis builds on the BIA and defines the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. Assigning value to assets is part of the BIA process. Weighing the cost of implementing the plan against the financial loss is another part of the BIA.



An information security organization should PRIMARILY:

  A. support the business objectives of the company by providing security-related support services.
  B. be responsible for setting up and documenting the information security responsibilities of the information security team members.
  C. ensure that the information security policies of the company are in line with global best practices and standards.
  D. ensure that the information security expectations are conveyed to employees.

Answer(s): A

Explanation:

The information security organization is responsible for options B and D, but they are not its primary mission. Reviewing and adopting appropriate standards (option C) is a requirement rather than the primary objective. The primary objective of an information security organization is to ensure that security supports the overall business objectives of the company.
